IE and the Accept Header

RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case of a request for…

18

Internet Explorer and Custom HTTP Headers

Someone recently asked me for a list of custom HTTP request and response headers introduced by the IE team over the years.  Here’s the list I’ve come up with so far (including a few that were introduced before I joined the team): Request Headers   UA-CPU Allows a website to determine what CPU a client…


HTTP/HTTPS Port-Blocking in WinINET

Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use a HTML form to send a request to an unprotected mail server such that the mail server interprets the request as a valid (albeit poorly-formatted) request to…